Data8 Ltd.

Bank Validation

Our Bank Validation validates that Account Numbers and sort codes are correct avoids failed payments reduces administration and and helps provide a better customer experience. The service also returns BIC, IBAN, Branch name and bank name and services accepted such as Direct Debits for the account.

Features

• Validates Account and Sort Code
• Auto completes the BIC, IBAN, Branch name and bank name
• Identifies what payment types that are available
• Validates all major debit and credit cards
• API Integration
• Covers UK and Ireland banks

Benefits

• Capture accurate bank details first time, every time
• Help fraud protection
• Improve customer experience
• Avoid unnecessary operational costs
• Ensure SEPA compliance
• Save money by avoiding failed payments
• Flexible Pricing Options
• Online dashboard to monitor usage

£0.02 to £0.04 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@data-8.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

720855633946511

Contact

Dale Pilling
01513554555
info@data-8.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no specific service constraints
• System requirements:
  • Standard internet connection
  • Ability to call an external web service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets have an automated response acknowledgement. During working hours (Monday - Friday 9am - 5:30pm), we provide a guaranteed 2 hour response.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat is accessible via our website with users required to provide first name, last name and an email address. Users are able to interact with internal staff within Data8 who are knowledge experts within their fields and because our web chat solution integrates with our own CRM system then any conversations can be tracked and linked to cases to ensure end-to-end account and technical support.
• Web chat accessibility testing: We have not at this stage done any specific testing with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: We do not charge for any support except for onsite clienet visits, full support is included within our cost structures. All our clients benefit from a dedicated Account Management team, within the team dedicated individuals are assigned to pro-actively manage the requirements of our clients. Additional members of our team are also trained to provide the required cover during any holiday and sickness periods. ; Our Account Management team communicate effectively with our clients and their responsibilities include but are not limited to the following:; • Customer Onboarding and Management of all aspects of any service level agreements; • Working alongside the Technical Team to progress technical requirements effectively ; • Dealing with new requests that occur during a contract; • Effectively dealing with any clients queries; • Ensuring all financial aspects are dealt with accurately; • Meeting with clients as required; • Acting as the first point of contact for issue resolution; • Actively obtaining all information from clients which is required to deliver work effectively
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: In order to access the service you will need to register a username and password, these will be used to authenticate the web service requests and will provide access to the admin dashboard.; ; User Documentation and sample code will be provided to assist with the integration. We also provide pro-active support typically through a combination of email, telephone and online demonstrations. Onsite visits can be carried out but our service is simple to integrate and it is unlikely that this will be required.; ; A free trial can be provided which gives our clients the opportunity to test the integration within their systems before going live. We fully support all clients during the free trial proving direct access to our specialist Technical Team as and when required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We do not store the data as part of our service, so there is no need to extract data when the contract ends.
• End-of-contract process: Our contract ends at the point where either the number of credits or the term has expired. Following this the users will no longer have access to the service unless the contract is extended in some way. There are no additional termination fees at the point where the contract ends.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We offer full compatibility with mobile devices.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Users can set up and access the API using a number of different protocols as described in our service definition document. The full functionality, with no limitations, can be accessed through the API. The service can be customised and changes made as detailed in the question below. Free trials of the API can be arranged to enable users to test compatibility and integration.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The API can be customised in a number of ways to meet the buyer needs including but not limited to the following:, the mechanism for triggering the service requests and how an invalid response is reported and displayed to a user; ; The customisation is restricted to users who have the relevant administrator access. ; ; The full extent to how our service can be configured is detailed in our service documentation.

Scaling

• Independence of resources: All applications are run in a load-balanced environment and we constantly monitor the system to ensure there is sufficient capacity, and extend the capacity with additional infrastructure as required. We ensure that our services do not run at a capacity that would enable users to be affected by the demand from other users.

Analytics

• Service usage metrics: Yes
• Metrics types: All our clients benefit from access to a live dashboard, which provides the following: Number of Lookups performed which can be displayed by day, country and display response type Number of Lookups remaining Estimated date of expiry Number of lookups used by day Country they have been used Statistics can easily be downloaded and exported as a .csv to allow implementation in excel etc., or pre-configured reports can be built and sent periodically as agreed which can include additional information such as Authentication Type - Protocol Type - Referrer Domain - API Key - IP Address - Application Name
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data is not stored as part of this service, so there is no requirement to export data.
• Data export formats: Other
• Other data export formats: User data is not stored as part of this service
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We provide service levels which provide financial recompense if certain levels of service availability are not achieved.
• Approach to resilience: We use two geographically separated data centres with independent suppliers in an active/active configuration to protect against data centre outage. Each data centre runs a load balanced set of servers to protect against individual server failure
• Outage reporting: A public dashboard is available that shows the status for all our sevices. We also offer a service availability API which is included free of charge for all our sevices.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role-based authorisation restricts access to individual areas of the management interface.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QAS International
• ISO/IEC 27001 accreditation date: 27/08/2021
• What the ISO/IEC 27001 doesn’t cover: All our services and associated infrastructure are covered by our ISO/IEC 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Fiserv
• PCI DSS accreditation date: 26/08/2021
• What the PCI DSS doesn’t cover: We have level 4 PCI
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: IASME Information Security Standard

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Data8 recognises that the disciplines of confidentiality, integrity and availability in Information Security Management are integral parts of its management function. The Management of Data8 views these as primary responsibilities and fundamental to the best business practice of adopting appropriate Information Security Controls, along the lines laid down in the BS ISO / IEC 27001:2013 standard.; ; Data8 have an Information Security Policy which seeks to operate to the highest standards continuously and implements and operates fully BS ISO / IEC 27001:2013 standard, including continual improvement, through registration and annual review. Responsibility for upholding this policy is truly organisation-wide with the guidance and assistance of the Managing Director who encourages the commitment of all staff to address Information Security as part of their skills. All employees undertake Information Security training as part of their induction along with formal training annually in addition to continual on the job training. Regular internal and external audits are undertaken which are reported to the Managing Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requirements are tracked and linked to final implementation details such as code changes. Security impact is included as part of the review process before changes are accepted for deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are logged as security incidents and categorised by severity. Patches can be deployed on a continual basis within 30 minutes. Information will come from internal testing and reviews and the technology/infosec media.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Intrusion Detection and Firewall notification reports. Responses may include temporarily disabling a service or blocking a source IP address, typically within 30 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a documented and enforced policy which complies with ISO/IEC 27001: 2013 standard

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We see our impact as being quite small as we do not have a physical product or output. However, we seek excellence in every aspect of our business and is committed to minimising the environmental impacts of our business operations. ; ; We minimise travel by our employees as much as possible and we have developed demonstrations for all our products and services so that they can be delivered via an online meeting as opposed to face-to-face meetings. We deliver over 95% of the training and support for our services via online meetings. ; We have a flexible working policy and many of our employees work from home on a regular basis reducing travel to and from the office. The Directors of the Company use Electric Vehicles, we also encourage employees to cycle to work and provide access to salary sacrifice schemes such as Cycle to Work schemes. ; ; We have designated recycling bins in the office to ensure everything is recycled where possible. All our communications to clients including invoices, quotes and statements are delivered electronically to minimise printing and where printing is necessary all our printers are configured to print on both sides. We minimise energy in our server centres by utilising low energy Dell Servers. We have plans to reduce our size in the server centres as we move to more cloud-based servers.; ; We have an environmental policy in place which sets out our objectives and we communicate the importance of environmental issues to our employees on a regular basis and we work together with our employees, service partners, suppliers, landlords and their agents to promote improved environmental performance.
• Covid-19 recovery:

  Covid-19 recovery

  As we continue to grow, we create employment opportunities within our business, experience is not always essential for many of our roles meaning they can be suitable for those who may have been left unemployed by COVID-19 and need to retrain. ; ; The measures taken because of the Covid-19 pandemic involved initially all staff working from home. The board stressed how essential it was that we all communicated each other on a regular basis and as a result regular calls were arranged for each of our teams which took place at least 3 times a week allowing the team members to share the work they were doing and obtain assistance or guidance from other team members. ; To help support the mental health of our employees, alongside this we arranged calls via Teams each week involving the whole company, this was a general catch up and it was made clear that work should not be discussed at these sessions. We also held several social events in the evening including bingo and charades where employees’ partners were invited to and attended, and we carried our fun quizzes on a regular basis during working hours. ; ; We have improved workplace conditions that support the COVID-19 recovery effort in many ways. We introduced effective social distancing on return to the office since the change in government guidance regarding working from home, flexible working arrangements have been agreed for many members of staff allowing them to work from home at certain times. ; ; Face to face client meetings with clients and suppliers have been replaced with online meetings wherever possible to reduce travel and we have carried out a companywide training program for online demonstrations and training for all our services.
• Equal opportunity:

  Equal opportunity

  Data8 is open to employing a wide and diverse population staff, to consolidate and build upon this diversity, it is essential that equality of opportunity and the absence of unfair discrimination be at the core of all the company’s activities. Data8 recognises the link between equality and quality and do not unfairly discriminate in the recruitment or general treatment of staff based on age, colour, disability, ethnicity, ethnic origin, gender, marital status, national origin, race, religion, sexual identity or belief or any other factor. The company is committed to promoting and developing equality of opportunity in all its functions and its commitment to equality and diversity is communicated to all employees including where responsibility lies for equality issues. Training is provided and we take positive action to redress any imbalances in the workforce and treat acts of discrimination as a disciplinary offence.; ; The Directors have responsibility for ensuring that the company operates within the legal framework for equality and for implementing the policy throughout the company.; We actively support in work-progression and all our Senior Management Team who head various functions within the business have been internal promotions. Training is offered and we make it clear to employees they can request this at any time. We encourage all employees to learn skills and experience for their role which can include formal qualifications, many of our staff have gained formal qualifications relating to our industry.; We have zero tolerance to slavery and human trafficking; all our employees are paid more than the minimum wage and are contracted to work no more than 37.5 hours per week. We expect those in our supply chain and contractors to comply with our values and manage this through our supplier onboarding process.

Pricing

• Price: £0.02 to £0.04 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free trial with full functionality for a period of 30 days with a maximum of 2000 credits.
• Link to free trial: https://www.data-8.co.uk/services/data-validation/validation-services/bank-validation

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@data-8.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.